[xmlsec] How to control C14N

Aleksey Sanin aleksey at aleksey.com
Wed May 16 06:59:13 PDT 2012


Take a look at xmlsec command line help. There are a bunch
of options that allow you to dump the exact content before
digest/signature/verification so you will know exactly
what was digested or signed.

Aleksey

On 5/16/12 6:40 AM, Rich Duzenbury wrote:
> On Tue, May 15, 2012 at 11:02 PM, Aleksey Sanin <aleksey at aleksey.com> wrote:
>> You probably want to contact RSA FIM to figure out what this
>> exception means.
> 
> RSA responded with: You must get the partner to change so that they
> are signing the responses only.
> 
> Based on the template I mentioned previously, and the fact that the
> reference URI is empty, doesn't that mean that I'm signing the entire
> response?  As a test, I used the online validator successfully.  If I
> update the issueinstant in the <response> tag, the validator then
> fails the message as I expect.
> 
> I'm still unclear on the following, as well:
> 
> I presume enveloped signature means to sign the whole message, right?
> Is it enough to simply include <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> in the signature
> method, and the canonicalization will magically be done by the library?
> Or do I have to signal xmlsec to do it in some way? Or does it have
> to be done with a different tool before the signing is completed?
> 
> Thank you.
> 
> Regards,
> Rich
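
The case discussed above (an empty Reference URI with an enveloped signature, and a digest that breaks when IssueInstant changes) is sketched below as an added example; it is not code from the thread or from xmlsec. The sample message is constructed, and as an assumption Python's standard-library C14N 2.0 stands in for exclusive C14N, so the bytes are not guaranteed to match what xmlsec digests.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SIGNATURE_TAG = "{http://www.w3.org/2000/09/xmldsig#}Signature"

# Constructed sample message (not taken from the thread).
SAMPLE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' ID="_r1" IssueInstant="2012-05-16T13:40:00Z">\n'
    '  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">\n'
    '    <ds:SignedInfo>\n'
    '      <ds:Reference URI="">\n'
    '        <ds:Transforms>\n'
    '          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>\n'
    '          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\n'
    '        </ds:Transforms>\n'
    '        <ds:DigestValue>placeholder</ds:DigestValue>\n'
    '      </ds:Reference>\n'
    '    </ds:SignedInfo>\n'
    '  </ds:Signature>\n'
    '  <samlp:Status>Success</samlp:Status>\n'
    '</samlp:Response>\n'
)


def predigest(xml_text: str) -> bytes:
    """Bytes covered by a URI="" reference carrying the two transforms above."""
    # URI="" selects the whole document; the enveloped-signature transform
    # drops the ds:Signature subtree; canonicalization fixes the byte form.
    # Assumptions: one Signature per document, and the standard library's
    # C14N 2.0 is used as a stand-in for exclusive C14N 1.0.
    canonical = ET.canonicalize(xml_data=xml_text, exclude_tags=[SIGNATURE_TAG])
    return canonical.encode("utf-8")


def digest_value(xml_text: str) -> str:
    """Base64 SHA-1 of the pre-digest bytes, in the form DigestValue carries."""
    return base64.b64encode(hashlib.sha1(predigest(xml_text)).digest()).decode()


if __name__ == "__main__":
    print(predigest(SAMPLE).decode())
    print("original         :", digest_value(SAMPLE))
    print("new IssueInstant :", digest_value(SAMPLE.replace("13:40:00Z", "13:41:00Z")))
    print("edit in Signature:", digest_value(SAMPLE.replace("placeholder", "other")))
```

Comparing the printed pre-digest bytes with what the signer's and verifier's tools dump is the quickest way to see which side canonicalizes differently.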